Codeigniter重定向未在相对重定向中保留HTTPS [英] Codeigniter redirect not preserving HTTPS in relative redirects
问题描述
我有一个拥有公共区域和私有区域的站点。专用区域
应该通过HTTPS提供服务。我想一次重定向到一个明确的HTTPS URL,然后使用相对URLS来确保所有链接都是安全的。当用户注销时,我将显式链接到绝对不安全的HTTP URL。
I have a site which has a public and a private area. The private area should be served via HTTPS. I want to redirect once to an explicit HTTPS url, and then, using relative URLS, have all the links be secure. When the user logs out, I will explicitly link to an absolute non-secure HTTP URL.
我的登录表单会通过常规HTTP显示为非安全站点。我的登录表单发布到 https://www.mysite.com/login/validate
,它使用安全连接加载。
My login form is shown a non-secure site via regular HTTP. My login form posts to https://www.mysite.com/login/validate
, which loads using a secure connection.
我的日志显示Apache正在通过HTTPS加载URL,而codeigniter正确地进行了验证。
My logs show that Apache is loading the URL via HTTPS and codeigniter is doing its validation correctly.
在控制器功能结束时,我重定向到 / myaccount
使用CodeIgniter的URL帮助器的 redirect
方法和相对URL。
At the end of my controller function I redirect to /myaccount
using CodeIgniter's URL helper's redirect
method with a relative URL.
redirect('/myaccount');
这会导致codeigniter重定向到非HTTPS URL。
This causes codeigniter to redirect to a non-HTTPS URL.
我的配置base_url是非HTTPS:
My config base_url is non-HTTPS:
$config['base_url'] = "http://www.mysite.com"
这是因为网站的某些部分是安全的,而其他部分则不是。
This is because some parts of the site are secure while others are not.
有没有一种方法可以告诉CodeIgniter在进行相对重定向时保留HTTPS?如果假设当前控制器是通过HTTPS加载的,而我正在执行相对重定向,为什么要假设我要去非HTTPS站点呢?
Is there a way to tell CodeIgniter to preserve HTTPS when doing relative redirects? Why is it assuming I want to go to a non-HTTPS site if the current controller was loaded via HTTPS and I am doing a relative redirect?
对我来说,理想的行为是,如果我正在进行相对重定向,则它应该保留加载当前请求所通过的协议。取而代之的是,它切换到config base_url定义的内容,即使是相对重定向也是如此。
The desired behavior for me is that if I am doing relative redirect, it should preserve the protocol through which the current request was loaded. Instead, it is switching to what the config base_url has defined, even for relative redirects.
推荐答案
使用此:
$config['base_url'] = "http".((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? "s" : "")."://".$_SERVER['HTTP_HOST'].str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']);
代替此:
$config['base_url'] = "http://www.example.com"
这将始终重定向到您想要的位置。您甚至不必输入域名,只需按原样使用它即可!
This'll always redirect to where you want it. You don't even have to enter your domain name, just use it as is!
我还自动加载了此帮助程序:
In addition to the above, I also autoload this helper:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
function is_https_on()
{
return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
}
function use_ssl($turn_on = TRUE)
{
$url = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
if ( $turn_on )
{
if ( ! is_https_on() && $_SERVER['HTTP_HOST'] != 'localhost')
{
redirect('https://' . $url, 'location', 301 );
exit;
}
}
else
{
if ( is_https_on() )
{
redirect('http://' . $url, 'location', 301 );
exit;
}
}
}
/* End of file https_helper.php */
/* Location: ./application/helpers/https_helper.php */
有了此设置,我可以将我的各个页面设置为始终使用HTTPS / HTTP(
With this in place, I can set my individual pages to always use HTTPS/HTTP (either in a single method in my controller, or - if I want it to affect the whole controller - in the constructor).
我只使用:
use_ssl();
在脚本开始处,以确保它是通过HTTPS加载的。
at the beginning of the script, to ascertain that it is loaded via HTTPS.
或者,如果我只想通过HTTP服务,我将使用:
Alternatively, if I only want to serve it through HTTP, I'll use:
use_ssl(FALSE);
这篇关于Codeigniter重定向未在相对重定向中保留HTTPS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!